{"uuid": "4fc3c799-25d6-4919-b0c5-fbfaf87258ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32223", "type": "seen", "source": "https://t.me/cibsecurity/46245", "content": "\u203c CVE-2022-32223 \u203c\n\nNode.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been installed and \u00e2\u20ac\u0153C:\\Program Files\\Common Files\\SSL\\openssl.cnf\u00e2\u20ac\ufffd exists.Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory.After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows.It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-14T18:32:37.000000Z"}